Learning Library

← Back to Library

Cybersecurity Quiz: Prevention, Passkeys, Zero Trust

10mUnknown ChannelsecuritytutorialbeginnerWatch on YouTube ↗

Key Points

  • The quiz introduces basic cyber‑security concepts, emphasizing that the core functions are **prevention, detection, and response**, not just firewalls, antivirus, or heavy encryption.
  • Regarding **passkeys**, the speaker clarifies that losing a device does **not** make the account unrecoverable; recovery is possible via synced devices or standard account‑recovery methods.
  • The **zero‑trust** principle is defined as **“trust nothing, verify everything,”** positioning it as a high‑standard security model rather than a minimal or paranoid approach.
  • Throughout the quiz, the host stresses that many common security measures (e.g., excessive encryption or obfuscation) are insufficient on their own without a comprehensive strategy that includes detection, response, and verification.

Sections

Full Transcript

# Cybersecurity Quiz: Prevention, Passkeys, Zero Trust **Source:** [https://www.youtube.com/watch?v=yaqvUrHa84M](https://www.youtube.com/watch?v=yaqvUrHa84M) **Duration:** 00:10:58 ## Summary - The quiz introduces basic cyber‑security concepts, emphasizing that the core functions are **prevention, detection, and response**, not just firewalls, antivirus, or heavy encryption. - Regarding **passkeys**, the speaker clarifies that losing a device does **not** make the account unrecoverable; recovery is possible via synced devices or standard account‑recovery methods. - The **zero‑trust** principle is defined as **“trust nothing, verify everything,”** positioning it as a high‑standard security model rather than a minimal or paranoid approach. - Throughout the quiz, the host stresses that many common security measures (e.g., excessive encryption or obfuscation) are insufficient on their own without a comprehensive strategy that includes detection, response, and verification. ## Sections - [00:00:00](https://www.youtube.com/watch?v=yaqvUrHa84M&t=0s) **Cybersecurity Quiz Introduction and First Question** - The speaker launches a seven‑question cybersecurity quiz, guiding listeners through the format and explaining that the correct answer to the opening question is “prevention, detection, and response.” ## Full Transcript
0:00are you up for a challenge want to see 0:02how much you know about cyber security 0:04well I've got a quiz for you seven 0:06questions and we're going to go through 0:08each one of these and I want you to pick 0:10the best answer so if you're ready then 0:13get out your number two pencil close 0:15your books we're ready to start keep 0:18score okay not all of these questions 0:21are going to be rocket science so don't 0:23be prepared for uh a Mena test but let's 0:26have some fun with these okay the first 0:28one cyber security involves prevention 0:30detection and response protection 0:32obfuscation and Reporting encryption 0:34encryption and more encryption firewalls 0:37antivirus and hope well I I do hope that 0:40you understand hope is not a strategy so 0:43that would be a really bad idea although 0:45firewalls and antiv virus are certainly 0:47important Technologies not nearly enough 0:50lots and lots and lots of encryption nah 0:52that's not going to do it either we need 0:54to encrypt but that's not nearly 0:56sufficient protection obfuscation and 0:58Reporting well protection and repor 0:59reping are certainly big parts of this 1:01obfuscation which is basically trying to 1:03hide uh the the details of the system 1:06that is not the way to get a system more 1:08secure so if you got a you got it right 1:11it's prevention detection and response 1:13everything we do in cyber security is 1:15about doing those three things question 1:18two with phyto pass keys if you lose 1:21your device there is no way to recover 1:23your account all right either that's 1:25true or false hopefully you're aware 1:27unless there's some sort of 1:28superposition of States in some sort of 1:31odd Schroder's cat situation it's not 1:34neither and it can't be both so we'll 1:38eliminate those right off the bat now is 1:40it true or is it false the reason I put 1:42this one is when I did a phto video on 1:44pass Keys the number one question people 1:46asked was about what happens if I lose 1:48my device so I want everyone to 1:51understand that in fact there is a way 1:54to recover in fact you can recover a 1:57number of different ways one is if 1:59you've got different devices out here uh 2:01they can all sync up to some sort of 2:04cloud service so that if I lose this one 2:07then I can just recover my pass key on 2:10another device or I can do regular 2:12account recovery just like you do when 2:14you lose your password and you click the 2:17forgot my 2:18password question number three these 2:20aren't too hard right zero trust can be 2:23summarized as a trust everything verify 2:27nothing b trust nothing verify 2:29everything thing C the bare minimum d a 2:32paranoid delusion well uh a lot of 2:35people say that I'm suffering from one 2:38of these but no it's not that uh we we 2:41really do want to do zero trust it can 2:42help our organization if we do it the 2:44bare minimum for most organizations zero 2:47trust is not the minimum standard that 2:49they would follow it would be the 2:51maximum standard that they would follow 2:52but it's a good aspirational goal to get 2:55to so we're down to these two trust 2:57everything verify nothing trust nothing 2:59verify everything think about it this 3:01way we've got on opposite ends of a 3:04spectrum we've got implicit trust and we 3:07have zero trust and think about it this 3:11way trust everything and verify nothing 3:14that's this guy trust nothing verify 3:17everything that's zero trust so here's 3:20your correct answer question four we're 3:23about halfway through are you holding up 3:25okay let's see which of these should you 3:28do first if you're finding an IT 3:30security program Define policy encrypt 3:34everything analyze risk or get a good 3:37breakfast well as much as I believe in 3:39getting a good breakfast I don't know 3:41that that's exactly what we're looking 3:42for here so not in the best answer 3:45category of possibilities I'll tell you 3:47A lot of people think it's here you 3:50start with defining a policy and that's 3:52the way they go about doing things is 3:55they do their policy then from there 3:57they do an architecture from there they 4:00do an implementation of whatever it is 4:03that they've architected then they audit 4:06what they are doing in their systems but 4:09you know what they didn't do they didn't 4:11analyze risk this is actually not the 4:15right answer it's analyze risk clearly 4:18you want to encrypt the things that are 4:20important to you but that's not the way 4:23that you build an IT security program 4:26just encrypt everything you'll probably 4:28do that somewhere along in this phase so 4:30I'm going to suggest to you you start at 4:32analyzing risk and risk is what informs 4:35your policy and then the rest of the 4:37cycle works okay for question five we're 4:40going to make it a little more difficult 4:42this has been really easy so far I know 4:44so let's do a little bit of a challenge 4:46what happens to the strength of a 4:48symmetric key when you make it one bit 4:51longer well does it double does it stay 4:55the same in terms of strength does it 4:57get slightly stronger or does it create 5:00a rip in the SpaceTime Continuum I hope 5:03to goodness that this is not the case 5:06because then we'd all be in trouble so 5:08then now we look at this you know it's 5:10not going to be the same because the 5:12longer the key the more possibilities 5:14that someone would have to try in order 5:16to break it and it turns out that the 5:18correct answer is not a slight 5:20Improvement in fact it's a doubling so 5:23you make a symmetric key even just a 5:25little bit longer and it makes a huge 5:26difference let me show you why so a 5:28symmetric key remember that's like this 5:31where you have the key that you encrypt 5:33with is also the same key that you 5:35decrypt with that's why we call it 5:37symmetric it's the same on both sides 5:39now how do we know what the strength of 5:40a symmetric key is here's the simple 5:43mathematical formula for that it's two 5:46to the N where n is the number of bits 5:48in the key so the longer the larger the 5:51number of n the more strength you have 5:54the more different possibilities and if 5:56you know how to do exponents then you 5:58know two for instance 2 to the 2 will 6:01give you four possibilities so you'd 6:03have to try four different things worst 6:05case until you got the right one if You' 6:07make this one bit more it' be 2 to the 3 6:11so that would be eight and you also can 6:14tell I'm sure that eight is twice as 6:16much as four so just by increasing by 6:19one bit we double the strength and of 6:22course in the real world we use uh 6:24strings that are much longer than this 6:26we're going to use more things like 128 6:29uh 256 and things like that so it's a 6:32lot stronger by just a simple addition 6:35of one bit okay number six coming down 6:39the home stretch how are you doing hold 6:41out for just a little bit longer 6:43hardening is an example of which 6:45security principle defense in depth 6:48separation of Duties the principle of 6:50lease privilege or what happens when you 6:53leave bread out too long okay this is 6:55definitely true that that this is what 6:58happens but it's not really related to 7:01our question how about defense in depth 7:03that's the idea where I don't rely on 7:05any single security mechanism it's kind 7:07of belt and suspenders so that way the 7:09pants always stay on no that's not 7:11really what hardening is about 7:13separation of Duties no that's 7:16separating so that one person can't make 7:18a transaction and approve that for 7:20instance so we would require collusion 7:23in order for someone to subvert the 7:25system that's not it so by process of 7:27elimination it's the principle of Le 7:29privilege now if you're not quite sure 7:31why let's take a look at what hardening 7:33means This this term in general what it 7:35means is if I take a system maybe I 7:37install a web server install an 7:39application a database or what have you 7:41uh it may come with a default user ID 7:44and password with default access 7:46controls built into it and it may 7:48install some services that I don't 7:50actually need so what I want to do to 7:53harden this system is I want to change 7:55all of these things and eliminate any of 7:58the IDS that I don't need any of the 8:00access controls that are not absolutely 8:02necessary and any services that aren't 8:05required in order for the system to 8:07operate congratulations you made it to 8:10the final question question seven 8:12absolute security a is ultimately 8:15achievable B requires good firewalls C 8:19is worth any cost D is a pipe tream 8:22remember pick the best answer okay so 8:25absolute security is ultimately 8:28achievable uh not really because there's 8:31always going to be some level of risk if 8:32a computer is operational it can be 8:35hacked just remember that no matter how 8:37good a job we do requires good firewalls 8:40well yeah good firewalls will certainly 8:42help but it's not nearly sufficient it's 8:44not going to give you absolute security 8:46by any means so that would be a 8:48necessary but not sufficient condition 8:50in this case is worth any cost well not 8:54really because we don't want to spend 8:56more to secure a system than what the 8:57thing is actually worth so we're not 9:00going to spend infinite amounts of money 9:02in order to secure something unless that 9:04thing was worth infinite amounts of 9:06money and then D this is the trick part 9:09you notice in all the other questions 9:11the last one was always kind of a 9:13ridiculous answer and this one sounds 9:15ridiculous is a pipe dream that means 9:17it's something that's not going to be 9:18true it turns out that is the case so I 9:21gave you a little bit of a a trick 9:22question in this one absolute security 9:25is a pipe dream we're never going to get 9:27a system that has no risk involved D 9:29with it but that doesn't mean we quit we 9:32still keep fighting the good fight we 9:33still keep doing the things that we need 9:35to do to make the system as secure as 9:38our risk tolerance would dictate okay 9:41you finished the quiz let's see how you 9:43did if you got seven out of seven 9:46correct you're a super cyber geek if you 9:50got six out of seven correct I'm going 9:52to say you're a cyber 9:54Warrior if you're got four or five then 9:57you're a serious student keep learning 10:00if you're two to three okay you're a 10:03Padawan and there's a lot more to learn 10:06but keep it up if you got one you're 10:09beginning the journey that's fine if you 10:12got zero you're just really unlucky I 10:14would say but in all of these cases what 10:18I've done is in the description below 10:20there's a link to video where you can 10:22find out more details about every single 10:24one of these questions by looking at 10:26other videos that we've done on the 10:28channel so so I hope this helps you in 10:30your understanding of cyber security I 10:32hope more than anything you had a little 10:34fun with this this wasn't meant to be 10:35super hard and hopefully it wasn't and 10:38hopefully you now know areas where you 10:40can improve and you can focus on cyber 10:43security and beat the bad 10:45guys thanks for watching if you found 10:47this video interesting and would like to 10:49learn more about cyber security please 10:51remember to hit like And subscribe to 10:52this 10:55channel